Re: [DNSOP] Passive DNS - Common Output Format (draft-dulaunoy-kaplan-passive-dns-cof-01)
Sebastian Castro <sebastian@nzrs.net.nz> Thu, 27 February 2014 20:25 UTC
Return-Path: <sebastian@nzrs.net.nz>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A852D1A0665 for <dnsop@ietfa.amsl.com>; Thu, 27 Feb 2014 12:25:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.051
X-Spam-Level:
X-Spam-Status: No, score=0.051 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, J_CHICKENPOX_42=0.6, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xsr6CvXVP7bK for <dnsop@ietfa.amsl.com>; Thu, 27 Feb 2014 12:25:19 -0800 (PST)
Received: from srsomail.nzrs.net.nz (srsomail.nzrs.net.nz [202.46.183.22]) by ietfa.amsl.com (Postfix) with ESMTP id F23F41A0645 for <dnsop@ietf.org>; Thu, 27 Feb 2014 12:25:17 -0800 (PST)
Received: from localhost (localhost.localdomain [127.0.0.1]) by srsomail.nzrs.net.nz (Postfix) with ESMTP id 7827A4B99F9 for <dnsop@ietf.org>; Fri, 28 Feb 2014 09:25:15 +1300 (NZDT)
X-Virus-Scanned: Debian amavisd-new at srsomail.office.nzrs.net.nz
Received: from srsomail.nzrs.net.nz ([202.46.183.22]) by localhost (srsomail.office.nzrs.net.nz [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5Ri8HbHvRfK2 for <dnsop@ietf.org>; Fri, 28 Feb 2014 09:25:06 +1300 (NZDT)
Received: from [192.168.22.178] (unknown [202.46.183.35]) (Authenticated sender: sebastian) by srsomail.nzrs.net.nz (Postfix) with ESMTPSA id A292E4B99F7 for <dnsop@ietf.org>; Fri, 28 Feb 2014 09:25:06 +1300 (NZDT)
Message-ID: <530F9F22.7070300@nzrs.net.nz>
Date: Fri, 28 Feb 2014 09:25:06 +1300
From: Sebastian Castro <sebastian@nzrs.net.nz>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: "dnsop@ietf.org" <dnsop@ietf.org>
References: <52D298FB.3080100@redbarn.org> <52D6E0AB.807@redbarn.org>
In-Reply-To: <52D6E0AB.807@redbarn.org>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/2aANxz8qkJe4X9ZjCQdSgr_n8VU
Subject: Re: [DNSOP] Passive DNS - Common Output Format (draft-dulaunoy-kaplan-passive-dns-cof-01)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Feb 2014 20:25:21 -0000
On 16/01/14 08:25, Paul Vixie wrote: > speaking for the authors of the draft below, i request adoption by > dnsop. --vixie > Hi Paul and the rest of the authors. > https://datatracker.ietf.org/doc/draft-dulaunoy-kaplan-passive-dns-cof/ > > Internet Engineering Task Force A. Dulaunoy > Internet-Draft CIRCL > Intended status: Informational A. Kaplan > Expires: July 11, 2014 CERT.at > P. Vixie > H. Stern > Farsight Security, Inc. > January 7, 2014 > > Passive DNS - Common Output Format > draft-dulaunoy-kaplan-passive-dns-cof-01 > > Abstract > > This document describes a common output format of Passive DNS Servers > which clients can query. The output format description includes also > in addition a common semantic for each Passive DNS system. By having > multiple Passive DNS Systems adhere to the same output format for > queries, users of multiple Passive DNS servers will be able to > combine result sets easily. > I've read the 02 draft and I have a couple of comments: - In section 3.3, it reads: rdata MAY be an array as defined in JSON [RFC4627]. Implementors of this draft MUST be able to deal with rdata being returned as JSON array or alternatively as a JSON string. Thinking as a developer, it could be annoying to have to test if rdata is a string or an array. Given JSON arrays can be empty, wouldn't be better to express it always as an array? - In section 3.4.1 count Specifies how many authoritative DNS answers were received at the Passive DNS Server's collectors with exactly the given set of values as answers (i.e. same data in the answer set - compare with the uniqueness property in "Mandatory Fields"). The number of requests is expressed as a decimal value. If you collector is sitting in front of a recursor, that uses an upstream recursor (forwarder), the number of answers you are going to see it won't be the same of the number of authoritative answers. Given this, should count be an object like { 'total': integer, 'auth': integer } or be expressed in different fields? Finally, is there a reason why TTL are being omitted from the collection and responses? Cheers, > > ... > > > > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop > -- Sebastian Castro Technical Research Manager .nz Registry Services (New Zealand Domain Name Registry Limited) desk: +64 4 495 2337 mobile: +64 21 400535
- [DNSOP] Passive DNS - Common Output Format (draft… Paul Vixie
- Re: [DNSOP] Passive DNS - Common Output Format (d… Tony Finch
- [DNSOP] Passive DNS - Common Output Format (draft… Andreas Gustafsson
- Re: [DNSOP] Passive DNS - Common Output Format (d… Alexandre Dulaunoy
- Re: [DNSOP] Passive DNS - Common Output Format (d… L. Aaron Kaplan
- Re: [DNSOP] Passive DNS - Common Output Format (d… Tony Finch
- Re: [DNSOP] Passive DNS - Common Output Format (d… L. Aaron Kaplan
- Re: [DNSOP] Passive DNS - Common Output Format (d… Tony Finch
- Re: [DNSOP] Passive DNS - Common Output Format (d… Sebastian Castro